Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8465

CVE-2016-8465 is an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver that could let a local malicious app execute code in the kernel. Documents confirm the issue affects Android devices (kernel 3.10/3.18) and that exploitation requires a privileged process, with current mitigatio...

7.6CVSS7.6AI score0.01601EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8466

CVE-2016-8466 is an elevation of privilege vulnerability in the Broadcom Wi‑Fi driver affecting Android with kernel components (Kernel-3.10, Kernel-3.18). The issue allows a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. The en...

7.6CVSS7AI score0.01324EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2016-8481

CVE-2016-8481 describes an elevation of privilege vulnerability in the Qualcomm sound driver on Android. A local malicious application could potentially execute arbitrary code in the kernel context if it first compromises a privileged process. The issue affects Android devices with affected kerne...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0333

CVE-2017-0333 : An elevation of privilege in the NVIDIA GPU driver could allow a local malicious Android process to run arbitrary code in the kernel context on devices with Kernel-3.18. This could lead to a local permanent compromise and may require reflashing the OS to repair the device. The pro...

9.3CVSS7.2AI score0.01703EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0437

CVE-2017-0437 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. The issue could allow a local malicious app to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver, with the Android kernel versions cited as Kernel-3.10 and Kernel-3...

7.6CVSS6.6AI score0.0087EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0441

CVE-2017-0441 is a Qualcomm Wi‑Fi driver elevation-of-privilege vulnerability affecting Android kernels (Kernel-3.10, Kernel-3.18). The connected documents describe a local attacker could run a malicious application to execute arbitrary code in the kernel context, after compromising a privileged ...

7.6CVSS6.6AI score0.00882EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0447

CVE-2017-0447 describes an elevation-of-privilege flaw in the HTC touchscreen driver that could allow a local malicious application to execute arbitrary code in the kernel context on Android devices. The vulnerability is tied to the Android kernel (Kernel-3.18) and affects Android devices leverag...

7.6CVSS6.6AI score0.00863EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0518

Summary: CVE-2017-0518 is an elevation of privilege in the Qualcomm fingerprint sensor driver on Android, enabling a local attacker to execute arbitrary code in kernel context. The affected component is the Qualcomm fingerprint sensor driver (kernel version 3.18 on Android). The issue requires co...

7.6CVSS6.6AI score0.01755EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0528

CVE-2017-0528 is described as an elevation-of-privilege vulnerability in the Android kernel security subsystem (kernel 3.18) that could allow a local malicious application to run code in the context of a privileged process. The initial documentation specifies Android/Kernel-3.18 and Android ID A-...

9.3CVSS7AI score0.01823EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.58 views

CVE-2017-0608

CVE-2017-0608 is an elevation-of-privilege in the Qualcomm kernel sound driver for Android, enabling a local attacker to run arbitrary code in the kernel context. The flaw requires compromising a privileged process first. Affected software/versions include Android on Kernel-3.10 and Kernel-3.18. ...

7.6CVSS6.6AI score0.01467EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.58 views

CVE-2017-0651

CVE-2017-0651 is an information-disclosure vulnerability in the Android kernel ION subsystem (Kernel-3.18). A local malicious application could access data outside its permissions after compromising a privileged process. The issue is listed as Low severity in the 2017-06-05 patch level, with Andr...

4.7CVSS4.3AI score0.01EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.58 views

CVE-2022-48888

CVE-2022-48888 (Linux kernel) affects the drm/msm/dpu path; the root cause is a memory leak in msm_mdss_parse_data_bus_icc_path. of_icc_get() allocated resources for path1 and may leak it if an early return occurs due to IS_ERR_OR_NULL(path0). The patch defers obtaining path1 to prevent the leak ...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2025/03/27 4:42 p.m.58 views

CVE-2022-49745

The CVE-2022-49745 issue relates to the Linux kernel, specifically the fpga: m10bmc-sec component. The vulnerability centers on improper handling of probe error rollbacks, with the fix designed to prevent leaks during probe rollback paths. Public documents confirm the issue was resolved by addres...

5.5CVSS6.6AI score0.0015EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.58 views

CVE-2022-49852

Summary (CVE-2022-49852) : In the Linux kernel (riscv), thread_struct::s[12] may leak random kernel memory to userspace, exposing confidential data and impacting availability. The fix clears s[12] in thread_struct during fork, and it is advised to also clear s[12] for kthread cases. Affected: Lin...

7.1CVSS6.4AI score0.0017EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.58 views

CVE-2022-49857

CVE-2022-49857 – Linux kernel (Marvell Prestera) : A memory leak in prestera_rxtx_switch_init() was fixed. When prestera_sdma_switch_init() failed, the memory pointed to sw->rxtx wasn’t released. The connected documents confirm a fix was implemented to properly release resources; no exploitati...

5.5CVSS6.5AI score0.00165EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.58 views

CVE-2022-50350

The CVE-2022-50350 issue affects the Linux kernel’s iSCSI target login path. A race between login_work and the login thread can occur when a malicious initiator sends data immediately after a login PDU. If LOGIN_FLAGS_INITIAL_PDU isn’t cleared due to no further PDU exchanges, the login_work threa...

4.7CVSS6.1AI score0.00103EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.58 views

CVE-2023-20662

The CVE-2023-20662 entry describes a vulnerability in the wlan component where an integer overflow causes an out-of-bounds write. This could enable local escalation of privilege with SYSTEM-level execution privileges and requires no user interaction. A patch is identified as ALPS07560765 (Issue A...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.58 views

CVE-2023-53069

CVE-2023-53069 concerns the Linux kernel octeontx2-vf driver: missing free for alloc_percpu leading to a memory leak in vf->hw.lmt_info. The fix adds free_percpu for the allocated structure, mirroring the existing pf->hw.lmt_info cleanup in otx2_pf.c. This change reduces a local memory leak...

5.5CVSS6.6AI score0.00165EPSS
CVE
CVE
added 2024/06/18 7:23 p.m.58 views

CVE-2024-36976

MODE C CVE-2024-36976 concerns a Linux kernel issue that arose from a change in media: v4l2-ctrls related to log_status. The vulnerability is described as a deadlock risk introduced by the patch that attempted to show all owned controls in log_status, which has since been reverted. The provided d...

5.5CVSS5.2AI score0.00142EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.58 views

CVE-2024-57985

Technical details for CVE-2024-57985 are not publicly provided in the supplied documents. Monitor for updates.

5.5CVSS6.5AI score0.00191EPSS
CVE
CVE
added 2025/03/06 3:54 p.m.58 views

CVE-2024-58059

In CVE-2024-58059, the vulnerability is in the Linux kernel’s media/uvcvideo code. The deadlock could occur when uvc_probe() fails and ends up calling uvc_status_unregister() before uvc_status_init(), risking synchronization issues in the status handling path. The confirmed fix guards against thi...

5.5CVSS7.2AI score0.00112EPSS
CVE
CVE
added 2025/04/01 3:41 p.m.58 views

CVE-2025-21942

CVE-2025-21942 affects the Linux kernel btrfs zoned code. A hang can occur in cow_file_range() when unlocking extents if there is no active zone finish path or after partial allocations, due to unlock code being moved outside the loop by a commit. The fix sets the end to the end of the allocated ...

5.5CVSS7.2AI score0.00186EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.58 views

CVE-2025-38038

CVE-2025-38038 affects the Linux kernel, specifically the cpufreq/amd-pstate implementation. The issue arises from an unnecessary driver-wide mutex in set_boost for per-policy calls, creating a potential deadlock with status_store mutex_acquire in the mode-switch path. SUSE’s openSUSE-SU-2025-200...

5.5CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.58 views

CVE-2025-38042

CVE-2025-38042 concerns the Linux kernel DMA engine for TI k3-udma-glue. The issue stems from relying on the skip_fdq argument in k3_udma_glue_reset_rx_chn(); on some platforms there is a single FDQ for all RX flows, while others have a separate FDQ per flow. The fix infers FDQ behavior from the ...

5.5CVSS6.6AI score0.0014EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.58 views

CVE-2025-38141

CVE-2025-38141 is a Linux kernel use-after-free vulnerability in the device mapper reporting path. The issue stems from a race around reading md->zone_revalidate_map and the lifetime of zone resources during blk_revalidate_disk_zones() and dm_blk_report_zones() calls, potentially freeing resou...

7.8CVSS7.1AI score0.00159EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.58 views

CVE-2025-38278

CVE-2025-38278 affects the Linux kernel’s octeontx2-pf QoS code path. The issue arises in the TC_HTB_LEAF_DEL_LAST callback handling, where on reboot the interface can reassign the same HTB leaf queue to its parent while still updating the number of queues, triggering the warning “New queues can'...

5.5CVSS6.5AI score0.00157EPSS
CVE
CVE
added 2025/08/16 11:12 a.m.58 views

CVE-2025-38539

CVE-2025-38539 affects the Linux kernel tracing subsystem. The issue arises when a module loads trace events and may modify module printk formats to replace enum names with values; if two modules load concurrently, the addition of the event to the ftrace_events list can corrupt list walking and c...

5.5CVSS6.8AI score0.00149EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.58 views

CVE-2025-38608

The CVE-2025-38608 issue is a Linux kernel vulnerability in bpf/ktls that can cause data corruption by failing to recalculate ciphertext length after plaintext length reduction via socket policy, resulting in uninitialized data being transmitted in TLS records. The impact is network-layer data in...

5.5CVSS7.3AI score0.0016EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.58 views

CVE-2026-22991

CVE-2026-22991 is a Linux kernel vulnerability in the libceph code path. A NULL pointer dereference could occur in free_choose_arg_map() when a caller triggers a partial allocation (for example, decode_choose_args() may set arg_map->size before memory allocation and then fail). The fix adds nu...

7.5CVSS5.4AI score0.00395EPSS
CVE
CVE
added 2026/04/01 8:36 a.m.58 views

CVE-2026-23406

CVE-2026-23406 concerns the AppArmor Linux kernel module. The issue arises in the DFA matching logic used during file path checks, where the macro match_char() can evaluate its character parameter multiple times when traversing differential encoding chains. If invoked with *str++, the string poin...

7.8CVSS5.9AI score0.00177EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.57 views

CVE-1999-0257

CVE-1999-0257 corresponds to the Nestea variation of the teardrop IP fragmentation denial-of-service attack. The connected documents consistently describe a network DoS via IP fragmentation handling, without citing concrete affected products, versions, or a confirmed remediation patch within the ...

5CVSS6.8AI score0.01423EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.57 views

CVE-2001-1393

CVE-2001-1393 relates to an unknown vulnerability in the Linux kernel classifier code prior to version 2.2.19 that could cause a denial of service (hang). Multiple connected sources (Mandrake/MDKSA-2001:037, Debian/DSA-047-1, OpenVAS entries) describe an off-by-one issue in the CPIA driver within...

2.1CVSS5.5AI score0.00427EPSS
CVE
CVE
added 2003/06/18 4:0 a.m.57 views

CVE-2003-0418

The vulnerability CVE-2003-0418 affects the Linux 2.0 kernel IP stack, where the ICMP code path miscomputes the size of an ICMP citation. This miscalculation allows ICMP error responses to leak portions of the kernel memory, potentially exposing sensitive data. Affected component: Linux kernel IP...

5CVSS6.4AI score0.02831EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.57 views

CVE-2004-0228

CVE-2004-0228 refers to an integer signedness error in the cpufreq /proc handler (cpufreq_procctl) of the Linux 2.6 kernel, enabling local users to escalate privileges to kernel level. The issue is discussed in multiple advisories (e.g., SUSE, Gentoo GLSA 200407-02, Fedora 2004-111) as part of Li...

7.2CVSS6AI score0.00772EPSS
CVE
CVE
added 2006/05/31 10:0 a.m.57 views

CVE-2004-0997

CVE-2004-0997 is a local privilege-escalation vulnerability in the MIPS ptrace assembly code of the Linux kernel 2.4.x prior to 2.4.17. The connected Debian advisories (DSA-1067-1 and DSA-1070-1) reference this CVE among a list of kernel vulnerabilities and indicate remediation via updates to ker...

4.6CVSS6.1AI score0.00402EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.57 views

CVE-2004-2013

The CVE-2004-2013 vulnerability affects Linux kernels 2.4.25 and earlier, caused by an integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c. An optlen value of -1 allows kmalloc to allocate 0 bytes, enabling a local attacker to potentially execute arbitrary code. Documen...

7.8CVSS7.9AI score0.00617EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.57 views

CVE-2005-0179

CVE-2005-0179 affects the Linux kernel 2.4.x and 2.6.x, allowing a local user to cause a denial of service (CPU/memory exhaustion) and bypass RLIM_MEMLOCK via mlockall. Connected advisories (RHSA-2005:663, CentOS/CESA-2005:663) document kernel updates that fix this and related flaws; remediation ...

2.1CVSS5.2AI score0.00373EPSS
CVE
CVE
added 2005/11/22 8:0 p.m.57 views

CVE-2005-3753

CVE-2005-3753 affects the Linux kernel in the 2.6.x line, around versions near 2.6.12 up to 2.6.13.1. The issue could allow a denial of service (an Oops) via certain IPSec packets that trigger alignment problems in standard multi-block cipher processors. The description notes it is not clear whet...

7.8CVSS6.5AI score0.01439EPSS
CVE
CVE
added 2006/03/07 2:0 a.m.57 views

CVE-2006-0554

CVE-2006-0554 affects the Linux kernel 2.6.x prior to 2.6.15.5. The vulnerability arises in the XFS ftruncate call, where a crafted operation can cause the kernel to return stale data, enabling local information disclosure. Reported as a local, user-privilege‑required issue, with no remote execut...

1.7CVSS5.2AI score0.00367EPSS
CVE
CVE
added 2007/02/07 8:0 p.m.57 views

CVE-2007-0822

CVE-2007-0822 describes a local-denial crash in umount when run on Linux kernel 2.6.15 with Slackware 10.2, triggered by passing a pathname to a USB pen drive that was mounted and then removed; this can lead to a NULL dereference and potential exposure of sensitive data such as core contents. Mul...

1.9CVSS5.9AI score0.0041EPSS
CVE
CVE
added 2008/02/12 8:0 p.m.57 views

CVE-2008-0163

The CVE affects Linux kernel 2.6 in vserver setups, where a symlink issue in /proc allows local attackers to access resources across vservers (CVE-2008-0163). Public advisories confirm affected packages and indicate fixes: Debian DSA-1494-1/2 address linux-2.6 vulnerabilities and upgrade to a pat...

4.4CVSS5.7AI score0.00304EPSS
CVE
CVE
added 2009/05/05 8:0 p.m.57 views

CVE-2009-1527

CVE-2009-1527 affects the Linux kernel prior to 2.6.30-rc4, where a race condition in ptrace_attach (kernel/ptrace.c) can let local users escalate privileges during an exec that launches a setuid process. The root cause is locking of an incorrect cred_exec_mutex object, enabling a PTRACE_ATTACH p...

6.9CVSS6.5AI score0.00492EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.57 views

CVE-2013-3233

CVE-2013-3233 affects the Linux kernel NFC subsystem: llcp_sock_recvmsg in net/nfc/llcp/sock.c does not initialize a length variable and a data structure, enabling local users to leak kernel-stack information via crafted recvmsg/recvfrom calls. The flaw is in kernels before 3.9-rc7. Impact is loc...

4.9CVSS5.3AI score0.00381EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.57 views

CVE-2016-8402

Technical details (affected components, root cause, fixes, or in-wild exploit status) for CVE-2016-8402 are not provided in the connected documents. Monitor official advisories and vendor updates for new information.

4.7CVSS3.9AI score0.01046EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.57 views

CVE-2016-8406

CVE-2016-8406 describes a local information-disclosure vulnerability in Android kernel components (ION subsystem, Binder, USB driver, networking) that could allow a malicious local app to access data outside its permission levels. The issue is tied to Android kernels (3.10, 3.18) and is character...

4.7CVSS3.9AI score0.01046EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.57 views

CVE-2016-8443

CVE-2016-8443 details (from provided documents): Android kernel 3.18 vulnerability that could allow possible unauthorized memory access in the hypervisor. The issue arises from an incorrect configuration that provides access to subsystem page tables. Affected product: Android; kernel version: 3.1...

7.8CVSS7.5AI score0.00324EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.57 views

CVE-2016-8458

The CVE-2016-8458 entry concerns an elevation-of-privilege vulnerability in the Synaptics touchscreen driver on Android. A local malicious application could execute arbitrary kernel code via the vulnerable Synaptics driver, with impact described as Kernel-level compromise. Affected components/ver...

7.6CVSS6.9AI score0.01523EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.57 views

CVE-2016-8480

CVE-2016-8480 is an elevation-of-privilege issue in the Qualcomm Secure Execution Environment Communicator driver on Android. It could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. Affected components/conditions: Andro...

7.6CVSS6.7AI score0.00818EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0307

Summary (CVE-2017-0307) : A vulnerability in the NVIDIA Tegra kernel DRM driver can trigger an integer overflow while calculating memory to allocate, causing a smaller-than-needed allocation and a potential buffer overflow. This may lead to denial of service or possible privilege escalation withi...

9.3CVSS7.2AI score0.01756EPSS
CVE
CVE
added 2017/04/05 2:0 p.m.57 views

CVE-2017-0330

CVE-2017-0330 affects NVIDIA’s Tegra kernel via the NVIDIA crypto driver. The connected NVIDIA security bulletin details that the vulnerability arises from a user-supplied pointer not being correctly validated in the crypto driver, potentially enabling denial of service or privilege escalation. A...

4.7CVSS4.1AI score0.01075EPSS
Total number of security vulnerabilities14330